[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2013:0496-02)

Christine Spang christine.spang at oracle.com
Sat Feb 23 10:54:52 PST 2013


Synopsis: RHSA-2013:0496-02 can now be patched using Ksplice
CVEs: CVE-2012-4508 CVE-2012-4542 CVE-2013-0190 CVE-2013-0309
CVE-2013-0310 CVE-2013-0311

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2013:0496-02.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-0190: stack corruption with Xen 32-bit paravirtualized guests.

Incorrect manipulation of the stack pointer in the error path for iret
failure with a 32-bit paravirtualized guest could result in stack
corruption.  This could be triggered by an unprivileged user in the
guest to cause a denial-of-service.


* CVE-2013-0310: NULL pointer dereference in CIPSO socket options.

Adding a CIPSO option to a socket could result in a NULL pointer
dereference and kernel crash under specific conditions.


* CVE-2013-0311: Privilege escalation in vhost descriptor management.

Incorrect handling of vhost descriptors that crossed regions could allow
a privileged guest user to crash the host or possibly escalate
privileges inside the host.


* CVE-2013-0309: Denial-of-service in transparent huge pages.

Incorrect checking for present pages could result in a kernel crash,
allowing an unprivileged local user to crash the system.


* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.


* CVE-2012-4542: SCSI command filter does not restrict access to
read-only devices.

The default SCSI command filter does not accommodate commands that
overlap across device classes. A privileged guest user could potentially
use this flaw to write arbitrary data to a LUN that is passed-through as
read-only.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


